CWE-918 — Server-Side Request Forgery (SSRF)
2,376 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-918 (page 2 of 48)
- CVE-2018-12678 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-06-22
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SS…
- CVE-2018-12809 | HIGH | CVSS 7.5 | EG 7.5 | 2018-07-20
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
- CVE-2018-13103 | MEDIUM | CVSS 5.4 | EG 5.4 | 2019-03-21
OX App Suite 7.8.4 and earlier allows SSRF.
- CVE-2018-13404 | MEDIUM | CVSS 4.1 | EG 4.1 | 2019-02-13
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7…
- CVE-2018-13790 | HIGH | CVSS 7.2 | EG 7.2 | 2018-07-09
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page.
- CVE-2018-14514 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-07-23
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
- CVE-2018-14721 | CRITICAL | CVSS 10.0 | EG 10.0 | 2019-01-02
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
- CVE-2018-14728 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-08-03
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
- CVE-2018-14858 | HIGH | CVSS 7.5 | EG 7.5 | 2018-08-02
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists be…
- CVE-2018-15192 | HIGH | CVSS 8.6 | EG 8.6 | 2018-08-08
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
- CVE-2018-15516 | MEDIUM | CVSS 5.8 | EG 5.8 | 2019-01-31
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF.
- CVE-2018-15517 | HIGH | CVSS 8.6 | EG 8.6 | 2019-01-31
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an ind…
- CVE-2018-15657 | HIGH | CVSS 7.3 | EG 7.3 | 2019-02-05
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
- CVE-2018-15895 | HIGH | CVSS 7.5 | EG 7.5 | 2018-08-27
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in…
- CVE-2018-16409 | HIGH | CVSS 8.6 | EG 8.6 | 2018-09-03
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
- CVE-2018-16444 | CRITICAL | CVSS 9.1 | EG 9.1 | 2018-09-04
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
- CVE-2018-16793 | HIGH | CVSS 8.6 | EG 8.6 | 2018-09-21
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
- CVE-2018-16794 | HIGH | CVSS 8.6 | EG 8.6 | 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
- CVE-2018-17198 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-05-28
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external …
- CVE-2018-17450 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-04-15
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosu…
- CVE-2018-17452 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-04-15
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_…
- CVE-2018-1789 | HIGH | CVSS 8.4 | EG 9.9 | 2018-09-07
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.
- CVE-2018-18569 | HIGH | CVSS 8.6 | EG 8.6 | 2019-02-11
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl par…
- CVE-2018-18646 | HIGH | CVSS 8.8 | EG 8.8 | 2018-12-04
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.
- CVE-2018-18753 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-10-29
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
- CVE-2018-18843 | CRITICAL | CVSS 10.0 | EG 10.0 | 2018-12-04
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
- CVE-2018-18867 | HIGH | CVSS 8.6 | EG 8.6 | 2018-10-31
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495.
- CVE-2018-19047 | CRITICAL | CVSS 10.0 | EG 10.0 | 2018-11-07
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maint…
- CVE-2018-19495 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-07-10
An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.
- CVE-2018-19571 | HIGH | CVSS 7.7 | EG 7.7 | 2019-07-10
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
- CVE-2018-19601 | CRITICAL | CVSS 9.1 | EG 9.1 | 2019-01-03
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
- CVE-2018-19651 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-11-28
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL.
- CVE-2018-1999017 | MEDIUM | CVSS 4.9 | EG 4.9 | 2018-07-23
Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary U…
- CVE-2018-1999026 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-08-01
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.
- CVE-2018-1999039 | MEDIUM | CVSS 4.3 | EG 4.3 | 2018-08-01
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL w…
- CVE-2018-20228 | HIGH | CVSS 8.0 | EG 8.0 | 2018-12-19
Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
- CVE-2018-20436 | HIGH | CVSS 8.1 | EG 8.1 | 2018-12-24
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other …
- CVE-2018-20497 | MEDIUM | CVSS 5.0 | EG 5.0 | 2019-12-30
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
- CVE-2018-20499 | HIGH | CVSS 7.2 | EG 7.2 | 2019-12-30
An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.
- CVE-2018-20528 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-12-28
JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter.
- CVE-2018-20596 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-12-30
Jspxcms v9.0.0 allows SSRF.
- CVE-2018-2370 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-02-14
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use …
- CVE-2018-2445 | CRITICAL | CVSS 9.6 | EG 9.6 | 2018-08-14
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF…
- CVE-2018-2463 | HIGH | CVSS 8.6 | EG 8.6 | 2018-09-11
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC.
- CVE-2018-25031 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-03-11
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was origin…
- CVE-2018-3774 | CRITICAL | CVSS 10.0 | EG 10.0 | 2018-08-12
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
- CVE-2018-5004 | HIGH | CVSS 7.5 | EG 7.5 | 2018-07-20
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
- CVE-2018-5006 | HIGH | CVSS 7.5 | EG 7.5 | 2018-07-20
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
- CVE-2018-5752 | HIGH | CVSS 8.8 | EG 8.8 | 2018-06-16
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vecto…
- CVE-2018-6029 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-23
The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only con…